PascalReger | 13.02.2013 13:08 | Infected with GVU Trojan 2013 with webcam
Good morning,
Last night I caught the GVU Trojan with webcam.
The "emergency CD" cannot be booted via the BIOS.
I then tried System Restore.
The screen with the ransom demand has disappeared, but I still only have internet access in Safe Mode.
Yesterday evening Malwarebytes Anti-Malware put two infected objects into quarantine; I had it scan again 10 minutes ago, nothing found.
I could urgently use some help getting rid of this trojan.
THANK YOU VERY MUCH!
OTL.txt OTL Logfile:
OTL logfile created on: 13.02.2013 13:10:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pascal\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 78,83% Memory free
6,00 Gb Paging File | 5,42 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 157,85 Gb Free Space | 33,89% Space Free | Partition Type: NTFS
Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PASCAL-PC | User Name: Pascal | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.13 13:10:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Downloads\OTL.exe
PRC - [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - [2013.02.09 17:27:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.26 17:31:23 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 20:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.21 14:50:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.13 14:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.13 18:14:00 | 000,247,296 | ---- | M] () [Auto | Stopped] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Auto | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe -- (DfSdkS)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.19 07:33:38 | 000,387,616 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.04.19 07:33:38 | 000,178,720 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2003.07.28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - [2012.10.10 20:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.10.08 19:53:56 | 000,026,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.08.31 20:23:12 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.08.01 14:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.06.07 11:32:01 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.06 17:49:48 | 000,029,248 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV - [2011.06.06 17:44:55 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2011.05.25 08:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.01 05:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Programme\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.08.12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.07.08 14:17:56 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.06.11 13:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.01.25 06:11:32 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010.01.25 06:11:30 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010.01.25 06:11:24 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010.01.25 06:11:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010.01.11 10:29:36 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2009.12.07 18:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.07 18:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.11.25 14:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 18:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.12 14:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.30 10:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005.05.09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 0B 92 16 C7 46 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A7C8B4E-A7AB-46CF-898F-9C093B798333}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{34F6E3FD-A231-441A-8F85-DA39992B2FD9}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{3DB9F006-E73E-4648-A5AF-31EB1D2C7439}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deDE510
IE - HKCU\..\SearchScopes\{FDC14845-92E0-4300-BE4C-BB33F1F0F4BB}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.openintab: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Pascal\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pascal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pascal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.06 22:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.23 13:22:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.13 18:36:53 | 000,000,000 | ---D | M]
[2011.06.07 10:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions
[2012.10.30 11:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions
[2012.05.31 11:17:16 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011.09.02 20:16:38 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions\support@predictad.com
[2012.07.21 14:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.31 20:35:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.08.31 20:35:06 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012.07.21 14:50:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.16 20:42:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.21 14:50:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.21 14:50:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.21 14:50:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.21 14:50:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.21 14:50:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.21 14:50:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Pascal\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: AutocompletePro plugin for chrome = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [FILSHtray] C:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 4\ashsnap.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.196.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4005449D-608D-4766-86BE-D3619A65B178}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EC166F5-11BE-4B20-A332-F9BE4608AD23}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD8D62F5-4B09-46B2-A88F-EEBE97EFE6EC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\kloehk.dll) - C:\ProgramData\AVP11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{15bbf239-b0bc-11e0-8659-89b88005e800}\Shell - "" = AutoRun
O33 - MountPoints2\{15bbf239-b0bc-11e0-8659-89b88005e800}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33ea3f4b-c364-11e0-8ae1-002522a97b50}\Shell - "" = AutoRun
O33 - MountPoints2\{33ea3f4b-c364-11e0-8ae1-002522a97b50}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{4effda4e-90d6-11e0-9821-ebfb136c693e}\Shell - "" = AutoRun
O33 - MountPoints2\{4effda4e-90d6-11e0-9821-ebfb136c693e}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{a099b41d-ae52-11e0-bac1-c84484135861}\Shell - "" = AutoRun
O33 - MountPoints2\{a099b41d-ae52-11e0-bac1-c84484135861}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c18f9267-99cb-11e0-8cf0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c18f9267-99cb-11e0-8cf0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.13 12:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.13 12:51:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.13 02:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Astroburn Lite
[2013.02.13 02:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Lite
[2013.02.13 01:33:54 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.02.13 01:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.13 01:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.04 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
[2013.02.04 21:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.13 13:09:42 | 000,000,156 | ---- | M] () -- C:\Users\Pascal\defogger_reenable
[2013.02.13 12:51:41 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.13 12:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 12:38:58 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 12:38:58 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 12:34:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.13 12:31:32 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.02.13 12:31:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 12:26:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 12:00:35 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000UA.job
[2013.02.13 11:56:48 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.13 11:56:48 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.13 11:56:48 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.13 11:56:48 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.13 03:57:56 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\Windows\System32\ctfmon.exe
[2013.02.13 01:11:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\7084724.pad
[2013.02.12 18:48:47 | 000,437,618 | ---- | M] () -- C:\Users\Pascal\Desktop\southside+track.png
[2013.02.12 18:35:48 | 009,104,265 | ---- | M] () -- C:\Users\Pascal\Desktop\untitled.mp3
[2013.02.12 15:35:31 | 010,425,016 | ---- | M] () -- C:\Users\Pascal\Desktop\m,..mp3
[2013.02.07 20:00:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000Core.job
[2013.02.03 18:50:03 | 000,036,104 | ---- | M] () -- C:\Users\Pascal\Documents\not-sure-if-meme-hipster.jpg
[2013.02.03 13:17:40 | 000,113,768 | ---- | M] () -- C:\Users\Pascal\Documents\deadmau5.jpg
[2013.01.30 20:04:26 | 000,049,902 | ---- | M] () -- C:\Users\Pascal\Documents\1281462591_51vtryqyvvl__ss500_.jpg
[2013.01.29 12:55:36 | 000,001,019 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.26 10:14:50 | 000,204,871 | ---- | M] () -- C:\Users\Pascal\Documents\73387_425298960871872_1425311602_n.jpg
[2013.01.23 10:36:09 | 000,063,344 | ---- | M] () -- C:\Users\Pascal\Documents\43858944.jpg
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.13 13:09:40 | 000,000,156 | ---- | C] () -- C:\Users\Pascal\defogger_reenable
[2013.02.13 12:51:41 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.13 00:21:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\7084724.pad
[2013.02.12 18:48:47 | 000,437,618 | ---- | C] () -- C:\Users\Pascal\Desktop\southside+track.png
[2013.02.12 18:34:26 | 009,104,265 | ---- | C] () -- C:\Users\Pascal\Desktop\untitled.mp3
[2013.02.12 15:33:18 | 010,425,016 | ---- | C] () -- C:\Users\Pascal\Desktop\m,..mp3
[2013.02.03 18:50:09 | 000,036,104 | ---- | C] () -- C:\Users\Pascal\Documents\not-sure-if-meme-hipster.jpg
[2013.02.03 13:17:56 | 000,113,768 | ---- | C] () -- C:\Users\Pascal\Documents\deadmau5.jpg
[2013.01.30 20:04:30 | 000,049,902 | ---- | C] () -- C:\Users\Pascal\Documents\1281462591_51vtryqyvvl__ss500_.jpg
[2013.01.26 10:15:20 | 000,204,871 | ---- | C] () -- C:\Users\Pascal\Documents\73387_425298960871872_1425311602_n.jpg
[2013.01.23 10:36:14 | 000,063,344 | ---- | C] () -- C:\Users\Pascal\Documents\43858944.jpg
[2012.12.05 15:41:37 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\WebCamLib.dll
[2012.11.18 22:58:34 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.18 22:58:34 | 000,138,056 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\PnkBstrK.sys
[2012.11.18 22:58:11 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.11.18 22:58:10 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.11.02 20:15:33 | 000,828,671 | ---- | C] () -- C:\Users\Pascal\AppData\Local\Tempmusic.ogg
[2012.10.26 18:40:44 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.08 20:26:10 | 000,001,467 | ---- | C] () -- C:\Users\Pascal\.recently-used.xbel
[2012.05.19 16:14:18 | 000,001,206 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\CamStudio.Producer.ini
[2012.05.19 16:14:18 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.05.03 20:30:40 | 000,000,001 | ---- | C] () -- C:\Users\Pascal\0.cdat
[2012.01.30 22:35:09 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.01.30 22:35:09 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011.12.07 18:24:28 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2011.09.02 19:44:44 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.08.31 20:34:46 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.08.31 20:34:46 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.08.13 14:01:33 | 000,000,313 | ---- | C] () -- C:\Windows\System32\aptmp.exe
[2011.08.10 17:09:08 | 000,000,604 | ---- | C] () -- C:\Windows\Edofma.INI
[2011.06.07 12:44:38 | 000,000,550 | ---- | C] () -- C:\Windows\eReg.dat
[2011.06.06 21:30:49 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.06.06 21:30:49 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.06.06 17:36:20 | 000,704,512 | R--- | C] () -- C:\Windows\System32\cohelper.dll
[2011.06.06 17:36:20 | 000,005,940 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.05.20 13:11:43 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2012.10.06 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\1&1 Mail & Media GmbH
[2013.01.08 13:07:29 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Amazon
[2012.12.05 15:41:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Apowersoft
[2011.08.16 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Canneverbe Limited
[2011.08.14 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.06.07 11:34:53 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DAEMON Tools Lite
[2013.02.13 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Dropbox
[2012.03.11 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DVDVideoSoft
[2011.06.22 12:31:25 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\FFSJ
[2011.09.02 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\FreeAudioPack
[2011.06.21 21:41:39 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\GlarySoft
[2012.10.08 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\gtk-2.0
[2013.02.04 20:54:56 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ICQ
[2012.12.08 17:12:54 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\MAGIX
[2011.12.04 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Nik Software
[2012.05.22 19:29:05 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\OpenOffice.org
[2012.11.11 17:17:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin
[2012.11.30 23:58:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\pokerth
[2011.07.31 17:20:31 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ProtectDisc
[2011.07.14 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Reviversoft
[2011.08.11 08:43:59 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Sierra
[2011.08.16 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Steinberg
[2011.07.26 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TW7Booster
[2013.02.13 12:41:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
Extras.txt OTL Logfile:
OTL Extras logfile created on: 13.02.2013 13:10:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pascal\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 78,83% Memory free
6,00 Gb Paging File | 5,42 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 157,85 Gb Free Space | 33,89% Space Free | Partition Type: NTFS
Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PASCAL-PC | User Name: Pascal | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DE06E1C-72A2-4658-B707-1906837ED91B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3107194F-24E8-4460-88F7-B232E65D6DAE}" = lport=138 | protocol=17 | dir=in | app=system |
"{353BA680-E2A4-44E1-81C9-9A7B81EFA9B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{76A10545-3C38-4F0E-99BC-79D1B7BBF047}" = rport=138 | protocol=17 | dir=out | app=system |
"{77977981-9C9B-4E08-9116-2558F6554D61}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7E568506-1C74-4B46-9C17-6A1C25F4F561}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{86F83E5E-1B10-48FA-9CB1-113C9CAE9EB9}" = lport=137 | protocol=17 | dir=in | app=system |
"{A6825819-2EFA-410B-8734-6749691F1B49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B39A7E4E-EE49-4E2A-9E55-10F995F12867}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8FE9BDC-FB13-4549-AFA1-FB593B100B86}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8CEA302-CF4D-4185-8394-F4AA7B3E5FAE}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1403F13-7383-428C-B8CB-B451EB2A1043}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E881C05E-2D2E-4151-81B5-30B8C4A838D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE5A7302-0665-4B92-A030-14D02B4A03D6}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0359E3BF-4328-4868-AB04-DCA8F7728F12}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic.exe |
"{0406422B-E2BD-4854-B536-BABB469B33B4}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{0597DAC2-EDA8-4DA3-B6BB-B7A0BD921FAB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0856CAA2-5BBA-433E-B0E8-F32DD0D5A44B}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe |
"{0C8B7CB3-2971-457E-A2C5-DD3499D5F4AB}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{0D7A9C9A-06B6-42B6-B844-0B26B5400B59}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe |
"{0F8FD49F-5F01-4E1B-BE93-58A22D10FC55}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\counter-strike source\hl2.exe |
"{11E10E45-FE36-4AB3-ABAE-F328933AFCC0}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
"{1638D10E-D7B0-4AF3-A4B4-A1FF076C9638}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic.exe |
"{192A9B63-F900-4747-B7FE-2A05C8276D60}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{1FDC2394-2CE8-4DEA-A657-4E04D5D18D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{20FD62CD-62D5-41E9-A54D-74E8FF7EB220}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{2111D42D-09F1-46E2-805C-935C2F0FE4D0}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{23B66CF0-B1F9-474A-804E-F1A5284D9D04}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{317EA025-5DDD-47D1-B293-F2B4C78DF1A2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_ds.exe |
"{32F7863C-03A0-46FC-AD0A-4B515FAF070C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_online.exe |
"{35E53B8E-2D9E-4E1A-8BE9-BBD5356D55AB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{38B87E17-E494-4497-A892-E8B39EC21442}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{44B40EFD-8F7C-42BF-B868-580C5FEAF7E5}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{48BDE269-0346-413B-ABBB-9E1D4C3BF070}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{4BB3551E-8BD2-4466-B97E-7791180F94F9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4E1E7D20-7C2D-4CF8-9333-CF7E44E51A85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4E2E0BE6-B43B-4ADE-8C9C-AEF899411184}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{544241BD-143F-44A3-890A-D656F9B9D337}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{5596AEA6-0FC4-4215-AF36-621D6190174C}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{57782BCF-B4F7-4D34-A78E-A45C4B922C54}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\day of defeat source\hl2.exe |
"{57C255AF-76B3-432C-A794-708D28ED5734}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{6374BA1A-A706-4B58-A544-7D60361A82E5}" = protocol=6 | dir=in | app=c:\users\pascal\appdata\roaming\dropbox\bin\dropbox.exe |
"{6742D14A-682E-41AC-B32F-F0FF35B0A444}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{677C3915-1459-46A7-97B3-B5846A800CBC}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6896FDCE-09FA-42CC-90E1-408FFBDD69E5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{6A856107-E0F2-46E1-8D3F-5911EA75E8D9}" = protocol=17 | dir=in | app=c:\users\pascal\appdata\roaming\dropbox\bin\dropbox.exe |
"{6F9FC5B7-188A-46DF-BEE5-18F373378819}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{6FA43757-7268-4BB6-888C-6AC18E830B40}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{730AE2A4-4784-42A4-A2BF-E432734D28B6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{77B59D61-591A-45B7-8389-F72AF6C301B9}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screen-recording-suite.exe |
"{7AB5C482-8E89-408E-BB31-EFAEC923FA57}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{7B8B1CC0-1CDC-42BA-BD89-F9976E76220A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7C870BEF-6779-4B47-B2E2-101AA453AB31}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{84B6F821-5111-4ACB-AE78-272E10680ACA}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
"{8E67F54F-A0BE-45D0-A11B-90CFF83FAF85}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{963643A9-8F5F-4BB7-BD4E-5D4A0EED1640}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{96CA6A62-9313-4856-8AC0-237DDE4074D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{998C8197-EDE0-402A-BDEF-E28493062A37}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_online.exe |
"{9DB07269-A3D6-4DC5-A931-1DD088C2FE16}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9F032C83-0FFE-4428-8D09-7F3CFA2920D6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9FCD7B25-86DB-487E-9829-467F2F13DDE7}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{9FD87759-A00D-47C1-AFFF-8B4D38F870F6}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{A14EF884-1F4D-44CE-AA1D-936244CB4F94}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{ACEAFE3E-49F4-4763-A061-7AE397A4632F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{AFF81E3D-594A-432E-B98F-9BB512779FC7}" = protocol=17 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_no_sse.exe |
"{B72C7430-78A0-45F0-9BFE-83E3C69A0FE7}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{BB21FBBD-DFDF-4C67-9614-C54868DFE2A0}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{BB9AF177-7D03-47C3-BCFB-CCD017D4B4F9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{C424638E-76D4-454D-AC74-C2E857A863C5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C9E6FC7E-2F93-479B-BEFF-D12F16C04E0A}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{D093524A-B325-42D1-908A-87DE17FB28C9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D9037877-97D9-4ACD-9C75-5D696CDD53D8}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screenrecordingsuite.exe |
"{DA828283-DCC9-442B-A5B8-17B880868EDF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe |
"{DA82D65F-3376-4A3F-989D-10F03C8AF3CA}" = protocol=6 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_sse.exe |
"{DD1EAA7B-A289-4315-B384-FA628B69FD5E}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{DE0FCFDA-B84D-4FD6-AB76-643BA2693791}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e\ruse.exe |
"{DF4C2C86-0F9A-4EA2-A4B5-ED012678BD13}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_ds.exe |
"{E21960A6-7B79-4F78-9EC6-6002A90AAF38}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe |
"{E7B56168-278A-4F21-9B55-08C26007A4AA}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 1942\bf1942.exe |
"{E82B536D-93E8-40FA-8A9D-39BC0BD1E6FC}" = protocol=17 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_sse.exe |
"{EB522692-9BC1-404B-AEC7-92ABEB476D5B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{ECE5F10A-4CA3-41C6-9060-9C606260AAD9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e\ruse.exe |
"{EE68A0F6-29C1-40A9-9DCF-20071211D386}" = protocol=6 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_no_sse.exe |
"{F4FA4662-5406-4859-9AEE-40040DEB93B7}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 1942\bf1942.exe |
"{FABEDBCD-346B-4C25-8C9D-D599A32CC4CA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\counter-strike source\hl2.exe |
"{FB1DD3B7-3F71-40D6-94F4-A2921D911CBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE34076F-F38A-49B2-A2DE-5AB5F44D0A5F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\day of defeat source\hl2.exe |
"TCP Query User{090BF863-3579-45F5-9E45-C5C4F26F2C71}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"TCP Query User{232DF918-79AB-44C7-A99E-08B72E9BBA1D}C:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe |
"TCP Query User{263B8034-81B3-4032-A2D7-5BCFF9F61595}C:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe |
"TCP Query User{2A8B322C-FF83-429C-9C34-FB45953257F1}C:\program files\duty calls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=c:\program files\duty calls\binaries\win32\dutycalls.exe |
"TCP Query User{41A8E26B-E872-4883-B8C9-4DA20731BF74}C:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{522E8EB8-962B-425B-BD99-CE8AD7C8AEBE}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{52FB9875-306A-4EB9-91D5-46352001881C}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe |
"TCP Query User{5AB30AF2-DB34-4B3E-A23F-17304FD352B9}C:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe |
"TCP Query User{71B140E9-A2C9-4DF7-8827-6D6F96629CB1}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe |
"TCP Query User{7D2F6781-1B1A-4501-9B9F-435BBC49C9FB}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{8703D626-DC2D-443F-99C4-6C5BE363C235}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{A25BA49F-5A99-4EC6-977B-E92AE5C7A567}C:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe |
"TCP Query User{A4537B76-6E2A-422C-9775-A1F2D6B31EAB}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"TCP Query User{AA4C50C6-A6C9-426E-9CA0-1F1DEB3D5B37}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe |
"TCP Query User{B101C106-CC1F-4C00-87E9-0A59CD5FBE1E}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{C59CADEB-FA7C-42A4-B0B5-97CDEF5253FA}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{E86E99A3-E9D4-4F65-A650-07B253B6411B}C:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"TCP Query User{F1B96DAD-AC3D-4EB3-9910-8431FC95DF46}C:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe |
"TCP Query User{FAE4E562-BB45-49D6-B1A7-E2370D4535E0}C:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe |
"UDP Query User{19F4F651-66A4-4315-90B8-185B4D3C9B3E}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{1DC3C6F5-16DD-40FE-AD58-4C27341C7C60}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{257C17CA-995F-4767-BF30-D15AE607A2B5}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe |
"UDP Query User{34B175F6-8772-4460-9B28-42F4D73AFD6A}C:\program files\duty calls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=c:\program files\duty calls\binaries\win32\dutycalls.exe |
"UDP Query User{4A9694D4-0B68-45C4-A935-778F236997CF}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{61377129-202F-485A-98F2-11145BDB35D9}C:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe |
"UDP Query User{6D4C5CAD-5311-49E3-A0AF-CE47F0EF6C27}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"UDP Query User{8146C230-E73F-4746-B25B-7BC874B7417B}C:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe |
"UDP Query User{8EF0A02D-4275-4196-90CB-DB7BF2D71594}C:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe |
"UDP Query User{91537DE3-35E1-4590-AFAE-E3F58CFF42E6}C:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{BE51ABFB-BA2F-49F1-9081-85AC5F692113}C:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe |
"UDP Query User{C218F04D-69D0-45EE-AF0B-F925D97D3150}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe |
"UDP Query User{C44A2C36-4A1E-48B2-B310-2BC575F7E8C0}C:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe |
"UDP Query User{CC64A711-957A-4C42-A265-8F381DAE1A52}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{E147C511-9216-4EA1-8D2D-39A72DE9CCEB}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{E4384E2A-0227-4653-AD7C-7DFD360B687B}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{E547B145-3365-4B53-8FF6-967768BB8DBF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{ED54214A-E11F-4D15-8EB6-2888B6D62242}C:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"UDP Query User{FD18476B-A82C-4D1E-BB21-0194CE7293E1}C:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{4209F371-4927-659B-6665-F7524E53AE40}_is1" = Ashampoo WinOptimizer 8 v.8.14.00
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BC0CDD6-E0C2-434D-9365-23E79E42DA95}" = Battlestations: Midway
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1" = ArcaniA - Gothic 4
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.0.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ArmA 2" = ArmA 2 Uninstall
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"ASIO4ALL" = ASIO4ALL
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"ASRock IES_is1" = ASRock IES v2.0.69
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC DNA_is1" = ASRock OC DNA v1.6
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91
"AutocompletePro3_is1" = AutocompletePro
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Battlestrike - Shadow of Stalingrad/DE-German_is1" = Battlestrike: Schlacht um Stalingrad
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"conduitEngine" = Conduit Engine
"Counter-Strike 1.6" = Counter-Strike 1.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealBulldog Toolbar" = DealBulldog Toolbar
"Drakensang_is1" = Drakensang
"Earth 2160" = Earth 2160
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Edirol Hyper Canvas VSTi DXi_is1" = Edirol Hyper Canvas VSTi DXi 1.6.0
"ESN Sonar-0.70.4" = ESN Sonar
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"FL Studio 9" = FL Studio 9
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Game Booster_is1" = Game Booster 3
"Glary Utilities_is1" = Glary Utilities 2.35.0.1216
"Hardcore" = Hardcore
"Hidden & Dangerous 2 Sabre Squadron Demo" = Hidden & Dangerous 2 Sabre Squadron Demo
"HS2_is1" = Steinberg Hypersonic 2
"HyperCam 2" = HyperCam 2
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"Live Lite Alesis Edition" = Live Lite Alesis Edition
"LUXONIX_Purity" = LUXONIX Purity
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3-Cutter" = MP3-Cutter
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Native Instruments Service Center" = Native Instruments Service Center
"NCH_EN Toolbar" = NCH EN Toolbar
"Netzmanager" = Netzmanager
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PoiZone" = PoiZone
"PokerTH 0.9.5" = PokerTH
"Predator_is1" = Rob Papen Predator V1.6.2a
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Recuva" = Recuva
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0
"Rob Papen Blade_is1" = Rob Papen Blade 1.0.0d
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Sawer" = Sawer
"Steam App 17500" = Zombie Panic Source
"Steam App 17700" = Insurgency
"Steam App 21970" = R.U.S.E
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 43110" = Metro 2033
"Steam App 80" = Counter-Strike: Condition Zero
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Tone2 Gladiator Retail_is1" = Gladiator v1.2.2.0
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"XFastUsb" = XFastUsb
"YTdetect" = Yahoo! Detect
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 13.02.2013 07:50:02 | Computer Name = Pascal-PC | Source = NetBT | ID = 4321
Description = Der Name "PASCAL-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.102 registriert werden. Der Computer mit IP-Adresse 192.168.2.105
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Gmer.txt
GMER Logfile:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 13:21:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_WD50 rev.15.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Pascal\AppData\Local\Temp\uxliapog.sys
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82644A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8267E4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!EnableWindow 77598D02 5 Bytes JMP 70FA9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxParamW 775B3B9B 5 Bytes JMP 70F01893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxIndirectParamW 775C3B7F 5 Bytes JMP 710F8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxParamA 775DCF42 5 Bytes JMP 710F8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxIndirectParamA 775DD274 5 Bytes JMP 710F901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxIndirectA 775EE869 5 Bytes JMP 710F8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxIndirectW 775EE963 5 Bytes JMP 710F8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxExA 775EE9C9 5 Bytes JMP 710F8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxExW 775EE9ED 5 Bytes JMP 710F8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] kernel32.dll!CreateThread 779FDCC2 5 Bytes JMP 70F675DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!EnableWindow 77598D02 5 Bytes JMP 70FA9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CallNextHookEx 7759ABE1 5 Bytes JMP 70FC7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 70FEED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DefWindowProcA 7759BB1C 7 Bytes JMP 70F69805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateWindowExA 7759BF40 5 Bytes JMP 70F7363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 70FA25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateWindowExW 7759EC7C 5 Bytes JMP 70FD03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DefWindowProcW 775A507D 7 Bytes JMP 70FC8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxParamW 775B3B9B 5 Bytes JMP 70F01893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamW 775C3B7F 5 Bytes JMP 710F8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxParamA 775DCF42 5 Bytes JMP 710F8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamA 775DD274 5 Bytes JMP 710F901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxIndirectA 775EE869 5 Bytes JMP 710F8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxIndirectW 775EE963 5 Bytes JMP 710F8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxExA 775EE9C9 5 Bytes JMP 710F8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxExW 775EE9ED 5 Bytes JMP 710F8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ole32.dll!OleLoadFromStream 77246143 5 Bytes JMP 710F9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CreateThread 779FDCC2 5 Bytes JMP 70F675DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!EnableWindow 77598D02 5 Bytes JMP 70FA9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CallNextHookEx 7759ABE1 5 Bytes JMP 70FC7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 70FEED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DefWindowProcA 7759BB1C 7 Bytes JMP 70F69805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CreateWindowExA 7759BF40 5 Bytes JMP 70F7363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 70FA25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CreateWindowExW 7759EC7C 5 Bytes JMP 70FD03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DefWindowProcW 775A507D 7 Bytes JMP 70FC8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamW 775B3B9B 5 Bytes JMP 70F01893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamW 775C3B7F 5 Bytes JMP 710F8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamA 775DCF42 5 Bytes JMP 710F8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamA 775DD274 5 Bytes JMP 710F901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectA 775EE869 5 Bytes JMP 710F8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectW 775EE963 5 Bytes JMP 710F8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExA 775EE9C9 5 Bytes JMP 710F8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExW 775EE9ED 5 Bytes JMP 710F8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!OleLoadFromStream 77246143 5 Bytes JMP 710F9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- EOF - GMER 2.0 ----